A clever use of NTFS file system links

The Windows NTFS file system has a feature known as "Directory Junctions", which are similar to Unix symbolic links. Abusing directory junctions can cause an anti-virus product's quarantine directory to appear in the system's DLL search path, so that the system loads the quarantined malicious file, named as a DLL, in preference to the legitimate DLL it is searching for. https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/

Vault 8: WikiLeaks releases source code for Hive, the CIA's malware control system

WikiLeaks has released the source code for what appears to be a command-and-control system used by the CIA for managing remotely located surveillance implants. It is known, somewhat dramatically, as "the Hive" and consists of a system for hiding the communications of CIA implants in plain sight. https://wikileaks.org/vault8/

OnePlus left a backdoor that allows root access without unlocking the bootloader

Just over a month after OnePlus was caught collecting personally identifiable information on its users, the Chinese smartphone company has been found leaving a backdoor on almost all OnePlus handsets. A Twitter user, who goes by the name "Elliot Anderson" (named after Mr. Robot's main character), discovered a backdoor (an exploit) in all OnePlus devices running OxygenOS that could allow anyone to obtain root access to the devices. https://thehackernews.com/2017/11/oneplus-root-exploit.html

17-year-old MS Office flaw lets hackers install malware without user interaction

The vulnerability is a memory-corruption issue that resides in all versions of Microsoft Office released in the past 17 years, including Office 365, and works against all versions of the Windows operating system, including the latest Microsoft Windows 10 Creators Update. https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about

Forever 21 warns shoppers of payment card breach

American clothes retailer Forever 21 has announced that the company has suffered a security breach that allowed unknown hackers to gain unauthorized access to data from payment cards used at a number of its retail locations. The Los Angeles-based company, which operates over 815 stores in 57 countries, didn't say which of its stores were affected, but it did note that customers who shopped between March and October this year may be affected. https://newsroom.forever21.com/releases/notice-of-payment-card-security-incident

Bluetooth hack affects 20 million Amazon Echo and Google Home devices

A series of recently disclosed critical Bluetooth flaws that affect billions of Android, iOS, Windows and Linux devices have now been discovered in millions of AI-based voice-activated personal assistants, including Google Home and Amazon Echo.

As predicted when this threat was first disclosed, many IoT and smart devices, whose operating systems are updated far less frequently than smartphones and desktops, are also vulnerable to BlueBorne. BlueBorne is the name given to the sophisticated attack exploiting a total of eight Bluetooth implementation vulnerabilities that allow attackers within range of the targeted devices to run malicious code, steal sensitive information, take complete control, and launch man-in-the-middle attacks. https://www.youtube.com/watch?v=g6ivGislWWo&feature=youtu.be

Death of the Tier 1 SOC analyst

The job of the so-called Tier 1 or Level 1 security operations centre (SOC) analyst is on track for extinction. A combination of emerging technologies, alert overload, and fallout from the cybersecurity talent shortage is starting to gradually squeeze out the entry-level SOC position. https://goo.gl/Ei851R

Russia's "irrefutable evidence" that the US aided ISIS is a video game screengrab

The Russian Defense Ministry has posted "irrefutable evidence" on Twitter and Facebook that the US aided ISIS, which has turned out to be screengrabs from a well-known video game and a video published online by the Iraqi military in 2016. https://goo.gl/M2Dfrf

Drone maker DJI left its private SSL and firmware keys open to world+dog on GitHub for years

The private SSL key was found sitting in a public DJI-owned GitHub repo by Kevin Finisterre, a researcher who focuses on DJI products. AWS account credentials and firmware AES encryption keys were also left exposed, along with highly sensitive personal information in poorly configured public-facing AWS S3 buckets, which he summarized as a "full infrastructure compromise". https://www.theregister.co.uk/2017/11/16/dji_private_keys_left_github/

November 17 2017